<?
session_start();
require("connect.php");
$username=$_REQUEST["username"];
$password=$_REQUEST["password"];
$quyen=$_REQUEST["quyen"];
if ($_REQUEST["cmd"]=="Login"){
	//$sql="SELECT * FROM admins WHERE AdUsername='".$username."' and AdPassword='".md5($pass)."'";
	$sql="select * from nguoidung where username='".$username."' and password='".md5($password)."' and quyen='".$quyen."'";
	$result=mysql_query($sql) or die("Loi lay du lieu ".$sql);
	if (mysql_num_rows($result)<=0){
		$_SESSION["login_error"]=" Khong co tai khoan nay !";
		$_SESSION["login"] = false;
		header("Location:login.php");
	}else {
					$_SESSION["login"] = true;
					$_SESSION["login_error"]="";
					$row=mysql_fetch_array($result);
					$_SESSION["username"]=$row["username"];
					$_SESSION["quyen"]=$row["quyen"];
					//$_SESSION["MaKH"] = $row["MaKH"];
					header("Location:index.php");					
													
	}
}
else {
	$_SESSION["login"] = false;
	$_SESSION["login_error"]="Ban phai dang nhap!";
	header("Location:index.php");
}
?>